package com.gxz.security.controller;

import com.gxz.security.entity.Users;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PostFilter;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;

import java.util.ArrayList;
import java.util.List;

@Controller
@ResponseBody
@RequestMapping("/test")
public class HelloController {

    @GetMapping("/hello")
    public String hello() {
        return "hello, security";
    }

    @GetMapping("/index")
    public String index() {
        return "hello, index";
    }


    @GetMapping("/update")

    //@Secured({"ROLE_sale","ROLE_manager"})
    //@PreAuthorize("hasAnyAuthority('admins')")
    @PostAuthorize("hasAnyAuthority('admins')")
    public String update() {
        System.out.println("update.....");
        return "hello update";
    }


    @RequestMapping("/getAll")
    @PreAuthorize("hasAnyAuthority('admins')")
    @PostFilter("filterObject.username=='admin1'")
    @ResponseBody
    public List<Users> getAllUser() {
        ArrayList<Users> list = new ArrayList<>();
        list.add(new Users(11, "admin1", "666"));
        list.add(new Users(21, "admin2", "888"));
        System.out.println(list);
        return list;
    }

}
